IW Weekly #3: SQL Injection, Data Exfiltration, Log Poisoning, Blind XSS, and more.

Hey 👋

Welcome to the third edition of the Infosec Weekly - the Monday newsletter bringing you the best write-ups in Infosec straight to your inbox.

Hope you had a great week. Our team is excited to share that our Medium publication, Infosec Writeups, has crossed 25,000 readers. Our LinkedIn page too has more than 10,000 followers. If you have published an article on the publication, feel free to add yourself as a writer on your LinkedIn profile for some extra 🔥

In today’s newsletter, we have curated some amazing articles to help you learn something new in Infosec and think out of the box.

Excited? Let’s dive into some interesting write-ups hand-picked by our team👇

#1 - Learn how you can abuse SVG foreignObject to get internal information and use JavaScript to exfiltrate the data, plus a few more bypasses using meta and style tags.

#2 - Learn how to set up Burp with Android Studio on a MacBook in order to test Android apps.

#3 - Learn how you can escalate a URL found in a YouTube video to SQL Injection.

#4 - Learn how you can poison the logs by sending malicious payloads in the User-Agent header in order to get a blind XSS.

#5 - Learn how you can use Google dorks to find a vulnerability.

#6 - Learn how to reverse engineer JavaScript files using the Chrome debugger in order to bypass client-side games.

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.

Videos of the week

We recently organized IWCON 2022: the awesome virtual cybersecurity conference and networking event. If you missed it, or you want to witness the awesomeness once again, we bring you 2 videos every Monday:

  1. Anugrah SR shared his transformational journey from being a Biologist to a Security consultant. Watch it here.
  2. Roshan Piyush talked about Dissecting Techniques to Shoot API Arrows at Vulnerable Services. Watch it here.

On that note, we’re planning IWCON version 2.0 super soon. And now, you can be a part of the awesome virtual cybersecurity event even before the world witnesses it! Fill out this form to help us help “YOU” provide the best Infosec insights and learnings from amazing experts around the world.😊

Before we say bye…

If you found this newsletter useful and interesting, and know other people who would too, we'd really appreciate it if you could forward it to them 📨

If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.

See you again next week.

Lots of love

Editorial team,

Infosec Writeups
